The Office of Personnel Management said it will send notices to 4 million people that personally identifiable information may have been compromised by the breach, and said it will pay for 18 months’ worth of credit monitoring for those who were affected.

OPM Director Katherine Archuleta said they’re rushing to try to improve cybersecurity, and insisted they “take very seriously our responsibility to secure the information stored in our systems.”

The revelation comes on the heels of the IRS’s admission that hackers broke into one of its systems and stole the tax transcripts, including some of the most sensitive information possible, about 104,000 taxpayers. In 13,000 cases the hackers used the new information to file false refund requests, stealing as much as $39 million from the federal government.

The new breach affected systems at the Interior Department and the OPM.

Homeland Security Department officials, who are tasked with defending against cyberattacks, said they are working with the FBI to try to get to the bottom of the apparent attack.

“As we constantly do, DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion,” said Homeland Security spokesman Sy Lee.

It was unclear when the breach happened, though it was only discovered after OPM began more thorough monitoring of its own network. The agency first detected a problem in late April, and confirmed the breach in early May.

“The cyber threat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue,” said Rep. Adam Schiff, ranking Democrat on the House intelligence committee.

Mr. Schiff said the new breach was particularly troubling because it affected computer systems that most Americans expect to be defended by state-of-the-art measures.